diff options
| author | FreeArtMan <dos21h@gmail.com> | 2015-11-21 18:35:44 +0000 |
|---|---|---|
| committer | FreeArtMan <dos21h@gmail.com> | 2015-11-21 18:35:44 +0000 |
| commit | 392811864e4fc54c43d29ce2eadf8efb024963a5 (patch) | |
| tree | 5c5cfc5a83b549af249084a2b89d62ac5b3af941 /md/writeup/using_gdb.md | |
| parent | 5ac3f13244621a40521bd864115749b8876bd817 (diff) | |
| download | md-content-392811864e4fc54c43d29ce2eadf8efb024963a5.tar.gz md-content-392811864e4fc54c43d29ce2eadf8efb024963a5.zip | |
Merged using 'Using gdb' notes
Diffstat (limited to 'md/writeup/using_gdb.md')
| -rw-r--r-- | md/writeup/using_gdb.md | 97 |
1 files changed, 97 insertions, 0 deletions
diff --git a/md/writeup/using_gdb.md b/md/writeup/using_gdb.md new file mode 100644 index 0000000..9f2cbcb --- /dev/null +++ b/md/writeup/using_gdb.md @@ -0,0 +1,97 @@ +# Using GDB + +GDB is gnu debugger that excists for years and it work on any linux/bsd + supported platform. And time to time there is situation when you definetly +whant debuger, just becouse of our favorite segfaults or just becose whant +to solve at weekends evening some crackme. If you hace used some before +some DOS debugers like Borland Turbo Debuger or just debug then comparing +to gdb this are easy to use tools, and if you compare to OllyDbg then gdb is +just nightmare =]. But yea there is no other choice then that +([ald](http://ald.sourceforge.net/)). + +Will add main points that are need to know to run/debug programm. With time +more stuff will added + +## Run + +```bash +gdb [PROGRAM] +``` + +``` +(gdb) run [CMD LINE PARAMS TO PROGRAM] +``` + +## Setting breakpoints + +Setting breakpoint on speific address + +```bash +(gdb) break *0x800000 +``` + +on specific function + +```bash +(gdb) break _start +``` + +Here is more breakpoint types [Link1](http://ftp.gnu.org/old-gnu/Manuals/gdb/html_node/gdb_28.html) and [Link2](http://www.unknownroad.com/rtfm/gdbtut/gdbbreak.html) + +## Print registers + +### Intel platform + +General purpose register values + +```bash +(gdb) p $eax +(gdb) p $ebx +(gdb) p $ebp +``` + +print value in hex + +```bash +(gdb) p/x $eax +``` + + + +## Print memory + +print one byte in specific adress +```bash +(gdb) x/u *0x808080 +``` + +print array of 16 bytes in hex +```bash +gdb) x/16xu *0xffffd310 +``` + + +from register value + +```bash +(gdb) x/4xb $ebp-0xc +``` + +## Print current position instruction + +```bash +(gdb) x/i $pc +``` + +## Step + +```bash +(gdb) step +(gdb) next +``` + +### Links + +1. [http://althing.cs.dartmouth.edu/secref/resources/plt-got.txt](http://althing.cs.dartmouth.edu/secref/resources/plt-got.txt) +2. [http://ftp.gnu.org/old-gnu/Manuals/gdb/html_node/gdb_28.html](http://ftp.gnu.org/old-gnu/Manuals/gdb/html_node/gdb_28.html) +3. [http://www.unknownroad.com/rtfm/gdbtut/gdbbreak.html](http://www.unknownroad.com/rtfm/gdbtut/gdbbreak.html)
\ No newline at end of file |